Event ID 1058 — Group Policy Preprocessing (Networking)
Applies To: Windows Server 2008
Group Policy processing requires network connectivity to one or more domain controllers. The Group Policy service reads information from Active Directory and the sysvol share located on a domain controller. The absence of network connectivity prevents Group Policy from applying to the user or computer.
Event Details
Product: | Windows Operating System |
ID: | 1058 |
Source: | Microsoft-Windows-GroupPolicy |
Version: | 6.0 |
Symbolic Name: | gpEvent_GPT_NOTACCESSIBLE |
Message: | The processing of Group Policy failed. Windows attempted to read the file %9 from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled. |
Resolve
Correct connectivity to the Group Policy template
The Group Policy service logs the name of the domain controller and the error code. This information appears on the Details tab of the error message in Event Viewer. The error code (displayed as a decimal) and error description fields further identify the reason for the failure. Evaluate the error code with the list below:
- Error code 3
- Error code 5
- Error code 53
Error code 3 (The system cannot find the path specified)
This error code usually indicates that the client computer cannot find the path specified in the event.
This failure may be caused by the DFS Client not running. Refer to the Microsoft Knowledge Base article about how to resolve this failure (https://support.microsoft.com/kb/314494).
To test client connectivity to the domain controller's sysvol:
- Identify the domain controller used by computer. The domain controller name is logged in the details of the error event.
- Identify if failure happened during user or computer processing. For user policy processing, the User field of the event will show a valid user name; for computer policy processing, the User field will show "SYSTEM".
- Compose full network path to the gpt.ini as \\<dcName>\SYSVOL\<domain>\Policies\<guid>\gpt.ini where <dcName> is the name of the domain controller, <domain> is the name of the domain, and <guid> is the GUID of the policy folder. All of this information appears in the event.
- Verify you can read gpt.ini using the full network path obtained in the previous step. To do this, launch a command window and type <file_path>, where <file_path> is the path constructed in the previous step, and press ENTER. NOTE: You must launch this command as the user or computer whose credentials previously failed.
- Follow Network troubleshooting procedures to diagnose the problem further (https://go.microsoft.com/fwlink/?LinkId=92706).
Error code 5 (Access is denied)
This error code usually indicates that the user or computer does not have the appropriate permissions to access the path specified in the event.
On the domain controller: Ensure the the user and computer have appropriate permission to read the path specified in the event.
To test computer and user credentials:
- Log off and reboot the computer.
- Log on the computer with the domain credentials previously used.
- If the error still persists after verifying the permissions on the resource, then follow Network troubleshooting procedures to diagnose the problem further (https://go.microsoft.com/fwlink/?LinkId=92706).
Error code 53 (The network path was not found)
This error code usually indicates that the computer cannot resolve the name in the provided network path.
To test network path name resolution:
- Identify the domain controller used by the computer. The name of the domain controller is logged in the details of the error event.
- Try to connect to the netlogon share on the domain controller using the path \\<dcName>\netlogon where <dcName> is the name the name of the domain controller in the error event.
- If the error still persists, then follow Network troubleshooting procedures to diagnose the the problem further (https://go.microsoft.com/fwlink/?LinkId=92706).
Verify
Group Policy applies during computer startup and user logon. Afterward, Group Policy applies every 90 to 120 minutes. Events appearing in the event log may not reflect the most current state of Group Policy. Therefore, you should always refresh Group Policy to determine if Group Policy is working correctly.
To refresh Group Policy on a specific computer:
- Open the Start menu. Click All Programs and then click Accessories.
- Click Command Prompt.
- In the command prompt window, type gpupdate and then press ENTER.
- When the gpupdate command completes, open the Event Viewer.
Group Policy is working correctly if the last Group Policy event to appear in the System event log has one of the following event IDs:
- 1500
- 1501
- 1502
- 1503